kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4742 from justinsb/mount_xtables_lockfile 

Mount the iptables lock file
This commit is contained in:
k8s-ci-robot 2018-03-20 19:21:03 -07:00 committed by GitHub
parent efcae92e7b e93d88ecc2
commit 5c7f974eb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nodeup/pkg/model/kube_proxy.go
View File

@ -217,6 +217,19 @@ func (b *KubeProxyBuilder) buildPod() (*v1.Pod, error) {
addHostPathMapping(pod, container, "etchosts", "/etc/hosts")
}
// Mount the iptables lock file
if b.IsKubernetesGTE("1.9") {
addHostPathMapping(pod, container, "iptableslock", "/run/xtables.lock").ReadOnly = false
vol := pod.Spec.Volumes[len(pod.Spec.Volumes)-1]
if vol.Name != "iptableslock" {
// Sanity check
glog.Fatalf("expected volume to be last volume added")
}
hostPathType := v1.HostPathFileOrCreate
vol.HostPath.Type = &hostPathType
}
pod.Spec.Containers = append(pod.Spec.Containers, *container)
// Note that e.g. kubeadm has this as a daemonset, but this doesn't have a lot of test coverage AFAICT